'Quadrooter' Bug Puts Android Devices At Risk

Qualcomm and Google claim to have patched all but one of the four vulnerabilities.

Android owners, beware: Security flaws found in Qualcomm processors serving Google’s mobile operating system could put your devices at risk.
Researchers at security firm Check Point researchers recently discovered the vulnerabilities, which may affect as many as 900 million devices.

During last week’s Def Con security conference in Las Vegas, Check Point’s Adam Donenfeld revealed four new privilege escalation exploits—together dubbed “Quadrooter”—which can be used to remotely gain root access to Android handsets. An attacker simply needs to trick a user into installing a malicious app, and the cyberthief gains unfettered access to saved data. The attacker can also change or remove system-level files; delete or add apps; and access the device’s screen, camera, or microphone, the security firm said.
Since the vulnerable drivers are pre-installed, they can only be fixed via a patch from distributors or carriers. Those companies, meanwhile, can only push the repair after receiving new driver packs from Qualcomm.
Qualcomm claims to have already fixed all four flaws, and Google said it patched three in an August update; the final debugging will come with the company’s next security update, Android Headlines said.
Neither Qualcomm nor Google immediately responded to PCMag’s request for comment.
Concerned Android owners can download Check Point’s free QuadRooter Scanner app, which, as its name suggests, scans your phone to see if the necessary patches have been downloaded and installed.

Even the most secure devices are at risk, according to Check Point, which provided the following list of affected smartphones:

CATEGORIES

Cyber Parse was created to provide knowledge to help everyone understand and deal with the ever increasing threats we all face by Cyber Crime (Malware, Social Engineering, Phishing and hacking).
Our purpose is to provide the right information to our readers by breaking down and communicating knowledge relating to Cyber Crime, Cyber Security, Information Security and Computer Security, then using Risk Management practices to help translate the technical aspects of the Risks, Threats, Vulnerabilities and controls to reduce the risk into business language.